netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jesse Gross <jesse@nicira.com>
To: Roger Luethi <rl@hellgate.ch>
Cc: netdev@vger.kernel.org, Patrick McHardy <kaber@trash.net>
Subject: Re: VLAN packets silently dropped in promiscuous mode
Date: Thu, 30 Sep 2010 14:21:15 -0700	[thread overview]
Message-ID: <AANLkTikrfx1T3ay0AGWkS6Ab28J4O_er2TsbRinBSGen@mail.gmail.com> (raw)
In-Reply-To: <20100930080703.GA10827@core.hellgate.ch>

On Thu, Sep 30, 2010 at 1:07 AM, Roger Luethi <rl@hellgate.ch> wrote:
> On Wed, 29 Sep 2010 10:44:26 -0700, Jesse Gross wrote:
>> On Wed, Sep 29, 2010 at 4:37 AM, Roger Luethi <rl@hellgate.ch> wrote:
>> > I noticed packets for unknown VLANs getting silently dropped even in
>> > promiscuous mode (this is true only for the hardware accelerated path).
>> > netif_nit_deliver was introduced specifically to prevent that, but the
>> > function gets called only _after_ packets from unknown VLANs have been
>> > dropped.
>>
>> Some drivers are fixing this on a case by case basis by disabling
>> hardware accelerated VLAN stripping when in promiscuous mode, i.e.:
>> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5f6c01819979afbfec7e0b15fe52371b8eed87e8
>>
>> However, at this point it is more or less random which drivers do
>> this.  It would obviously be much better if it were consistent.
>
> My understanding is this. Hardware VLAN tagging and stripping can always be
> enabled. The kernel passes 802.1Q information along with the stripped
> header to libpcap which reassembles the original header where necessary.
> Works for me.

Sorry, I misread your original post as saying that the VLAN header
gets dropped, rather than the entire packet.  I agree that this is how
it should work but not necessarily how it does work (again, depending
on the driver).  Here's the problem that I was talking about:

Most drivers have a snippet of code that looks something like this
(taken from ixgbe):

if (adapter->vlgrp && is_vlan && (tag & VLAN_VID_MASK))
	vlan_gro_receive(napi, adapter->vlgrp, tag, skb);
else
	napi_gro_receive(napi, skb);

At this point the VLAN has already been stripped in hardware.  If
there is no VLAN group configured on the device then we hit the second
case.  The VLAN header was removed from the SKB and the tag variable
is unused.  It is no longer possible for libpcap to reconstruct the
header because the information was thrown away (even the fact that
there was a VLAN tag at all).

There are a couple ways to fix this:

* Turn off VLAN stripping when in promiscuous mode (as done by the ixgbe driver)
* Reconstruct the VLAN header when there is no VLAN group (as done by
the tg3 driver)

A bunch of drivers do neither (bnx2x, for example) and exhibit this
problem.  It's getting better but it seems like a common issue.

  parent reply	other threads:[~2010-09-30 21:21 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-09-29 11:37 VLAN packets silently dropped in promiscuous mode Roger Luethi
2010-09-29 17:44 ` Jesse Gross
2010-09-30  8:07   ` Roger Luethi
2010-09-30  9:16     ` Eric Dumazet
2010-09-30  9:55       ` Eric Dumazet
2010-09-30 10:40         ` Eric Dumazet
2010-09-30 10:50           ` Patrick McHardy
2010-09-30 12:16             ` Eric Dumazet
2010-10-01  1:04               ` David Miller
2010-09-30 21:21     ` Jesse Gross [this message]
2010-09-30 22:04       ` Eric Dumazet
2010-10-01  2:37         ` Jesse Gross
2010-10-01  5:10           ` Eric Dumazet
2010-10-01  7:06             ` [PATCH net-next] net: add a core netdev->rx_dropped counter Eric Dumazet
2010-10-04 20:27               ` Jesse Gross
2010-10-05 21:48               ` David Miller
2010-10-01  8:41             ` VLAN packets silently dropped in promiscuous mode Eric Dumazet
2010-10-04 20:21               ` Jesse Gross
2010-10-15  9:16       ` Guillaume Gaudonville
2010-10-15 21:33         ` Jesse Gross
2010-10-25 13:48           ` Guillaume Gaudonville
2010-10-26  0:40             ` Jesse Gross
2010-10-27  8:32               ` Guillaume Gaudonville

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=AANLkTikrfx1T3ay0AGWkS6Ab28J4O_er2TsbRinBSGen@mail.gmail.com \
    --to=jesse@nicira.com \
    --cc=kaber@trash.net \
    --cc=netdev@vger.kernel.org \
    --cc=rl@hellgate.ch \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).